Category

Remote host terminated the handshake

William |
Last updated: May 20, 2020 09:59AM UTC

I'm trying to proxy some communication for an app on iOS. Unfortunately the app in question errors out with "The client failed to negotiate a TLS connection to site[.]com:443: Remote host terminated the connection"
I've followed https://portswigger.net/support/installing-burp-suites-ca-certificate-in-an-ios-device but it didn't fully solve my problem.

Hannah, PortSwigger Agent |
Last updated: May 20, 2020 01:41PM UTC

Hi. Could you tell me the version of Burp Suite you are using, and whether you are using the platform version or the standalone JAR file?

William |
Last updated: May 21, 2020 05:01AM UTC

Platform Version 2020.4.1 on macOS 10.14.6

Hannah, PortSwigger Agent |
Last updated: May 21, 2020 07:18AM UTC

Could you try disabling TLSv1.3?
You can do this by going to "Project options > TLS > TLS negotiation > Use custom protocols and ciphers > Uncheck TLSv1.3".

William |
Last updated: May 21, 2020 07:51AM UTC

Hello Hannah,
I disabled TLSv1.3 as recommended, but it is still failing with the same error.

Hannah, PortSwigger Agent |
Last updated: May 21, 2020 08:18AM UTC

Hi William
Could you try running Burp Suite with Java 14? You will likely need to re-enable TLSv1.3.
You can check the version of Java that Burp Suite is currently using by going to "Help > Diagnostics". The default version provided with the platform version of v2020.4.1 is Java 13.
Are you able to proxy any traffic from your mobile device?

William |
Last updated: May 21, 2020 10:31AM UTC

Hello Hannah,
I am able to proxy some of the traffic, but not for all apps. I tried it with AdoptOpenJDK 14, but the error is still the same.
```
»»»» java --version
openjdk 14 2020-03-17
OpenJDK Runtime Environment AdoptOpenJDK (build 14+36)
OpenJDK 64-Bit Server VM AdoptOpenJDK (build 14+36, mixed mode, sharing)
»»»» java -jar "/Applications/Burp Suite Professional.app/Contents/java/app/burpsuite_pro.jar"
Your JRE appears to be version 14 from AdoptOpenJDK
Burp has not been fully tested on this platform and you may experience problems.
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by burp.dc (file:/Applications/Burp%20Suite%20Professional.app/Contents/java/app/burpsuite_pro.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int)
WARNING: Please consider reporting this to the maintainers of burp.dc
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
```

Hannah, PortSwigger Agent |
Last updated: May 22, 2020 07:47AM UTC

Have you tried using the mobile assistant or an appropriate extension?
- https://portswigger.net/burp/documentation/desktop/tools/mobile-assistant
- Brida, Burp to Frida bridge (https://portswigger.net/bappstore/2c0def96c5d44e159151b236de766892)